In a typical networked printing system, numerous computer workstations are coupled via a computer network to one or more print output devices, such as printers, plotters, copiers, facsimile machines and other similar print output devices (referred to herein as “networked printers”). To print a document on a networked printer, a user of one of the computer workstations typically selects a print command from within an application program, such as a word processor, spreadsheet, page layout application or other similar program, and selects one of the networked printers for printing the document. In most cases, such shared networked printing systems are extremely useful and efficient for printing a wide array of documents.
To facilitate ease of use, networked printers are often located in a central area that each user may access, such as a mail room, copy room, supply room or other common area. In some instances, however, a user may wish to print a sensitive document that is not suitable for such public access. For example, a user may wish to print a document that includes personnel information, health records, financial statements or other sensitive information. Unfortunately, previously known shared networked printing systems typically do not permit secure printing. As a result, a user of such a system who prints a sensitive document typically must send the print job to a networked printer and then rush to the device to retrieve the printed document. If the networked printer is not located near the user, the user is distracted on the way to the networked printer, or someone else is already at the networked printer when the print job is sent, the sensitive document may be viewed by unauthorized people.
One previously known printing system that seeks to address this problem is illustrated in FIG. 1. System 10 includes client device 12, which is coupled via network 14 to release station 16 and printer 18. Client device 12 may be a computer workstation, such as a desktop computer, that includes document 20. Network 14 may be a computer network, such as a local area network. Release station 16 may be included as part of printer 18, or may be a separate device that is located near printer 18. To print document 20, client computer 12 may include an application program (not shown) that converts document 20 to an encrypted print stream, and then sends the encrypted print stream along with authentication information to release station 16 via network 14. For example, the authentication information may be a user-supplied password.
On receipt, release station 16 stores the encrypted print stream and authentication information on hard disk drive (“HDD”) 22 included in printer 18. To obtain a printout of document 20, the user then goes to release station 16 and enters the authentication information. For example, the user may enter the password on a keypad (not shown) coupled to release station 16. If the authentication information provided by the user matches the authentication information stored in HDD 22, release station 16 then decrypts the encrypted print stream and sends the print job to printer 18.
Unfortunately, printing system 10 has numerous disadvantages that undermine the security and applicability of such systems. First, because client computer 12 sends the encrypted print stream to release station 16 before authentication occurs, the encrypted print stream may be intercepted, and the security of the system may be compromised. For example, a computer hacker may replace printer 18 with a “rogue” printer (i.e., a printer other than printer 18), which may then be used to obtain unauthorized access to document 20. Even though the user may subsequently discover that printer 18 was replaced by the rogue printer (e.g., when the user attempts to authenticate the print job at the printer), the print job will have already been communicated to the rogue printer, and it therefore may be impossible to prevent the unauthorized access.
Second, because a print job remains on HDD 22 until it is printed, the user may be unable to delete the print job from the hard drive without printing the print job. Thus, if a user decides not to print the job, the encrypted print stream may nevertheless remain on HDD 22. As a result, a computer hacker may be able to retrieve the encrypted print job from the hard drive, and obtain unauthorized access to document 20. Third, because system 10 requires that printer 18 include a hard disk drive, the system may not work with a large number of printers that do not include a hard drive. As a result, system 10 has limited applicability.
Referring now to FIG. 2, another previously known secure printing system is described. System 10′ is similar to system 10, but also includes server 24 that is coupled to client device 12 via network 14 and to release station 16′ via network 14′. Networks 14 and 14′ may be the same network (e.g., a local area network), or may be distinct networks (e.g., network 14 may be a local area network and network 14′ may be the Internet). Server 24 includes HDD 26. Release station 16′ may be included as part of printer 18, or may be a separate device that is located near printer 18′. Unlike printer 18 in system 10, printer 18′ need not have a hard disk drive. To print document 20, client computer 12 may include an application program (not shown) that converts document 20 to a print stream, and then sends the print stream along with authentication information to server 24 via network 14. For example, the authentication information may be a user name and password.
On receipt, server 24 stores the print stream and authentication information on HDD 26. To obtain a printout of document 20, the user then goes to release station 16′ and enters the authentication information. For example, the user may enter the password on a keypad (not shown) coupled to release station 16′, which may communicate the authentication information to server 24. If the authentication information provided by the user matches the authentication information stored in HDD 26, server 24 will then send the print stream to release station 16′, which then forwards the print job to printer 18.
Unfortunately, printing system 10′ also has numerous disadvantages that undermine the security and applicability of the system. First, during communication of the print stream from client 12 to server 24, the print stream may be intercepted, and the security of the system may be compromised. Although it may be possible to encrypt the print stream prior to transmission to server 24, the encrypted print job nevertheless will reside on HDD 26 prior to release. As a result, a computer hacker may be able to retrieve the print job from the hard drive, and obtain unauthorized access to document 20. Second, system 10′ requires the addition and maintenance of server 24, which adds to system cost and complexity.
In view of the forgoing, it would be desirable to provide methods and apparatus for secure networked printing.
It further would be desirable to provide methods and apparatus that wait to send a print job from a client device to a networked printer until after authentication information is provided at or near the printer.
It additionally would be desirable to provide methods and apparatus that allow a secure print job to be managed from a client device before the print job is sent to a networked printer.
It moreover would be desirable to provide methods and apparatus for secure document printing that do not require a printer with a hard disk drive.
It also would be desirable to provide methods and apparatus for secure document printing that do not require that the print job be stored on a hard disk drive away from the client device.